Abstract — This work proposes a new architecture, called
Global Authentication Scheme for Mobile Ad-hoc Networks
(GASMAN), for fully distributed and self-organized authentication.
In this paper, apart from describing all the GASMAN components,
special emphasis is placed on proving that it fulfils every
requirement of a secure distributed authentication scheme,
including limited physical protection of broadcast medium,
frequent route changes caused by mobility, lack of structured
hierarchy, etc. Furthermore, an extensive analysis through simulation
experiments in different scenarios is described and discussed.
I. Introduction

Network security consists of several services such as authen- 
tication, confidentiality, integrity, non-repudiation, and access 
control. Among these facilities, authentication, which ensures 
the true identities of nodes, is the most fundamental one 
because other services depend fully on the sure authentication 
of communication entities. 

Mobile Ad-hoc NETworks (MANETs) are autonomous 
networks formed by mobile nodes that are free to move 
at will. These networks have received increasing interest in
recent years, partly owing to their potential applicability
to myriad applications, ranging from small, static networks 
that are constrained by power sources, to large-scale, mobile 
and highly dynamic networks. Conventional wired networks 
mainly use a globally trusted Certificate Authority (CA) for 
solving the authentication problem. However, authentication 
in MANETs is undoubtedly much more difficult to solve due 
to several reasons such as the absence of a fixed infrastructure 
and centralized management, the dynamic nature of the nodes, 
the limited wireless range of nodes, the dynamic topology, 
frequent link failures and possible transmission errors [1| 
llT2l . Also, since all the nodes must collaborate to forward 
data, the wireless channel is prone to active and passive 
attacks by malicious nodes, such as Denial of Service (DoS), 
eavesdropping, spoofing, etc. 

One of the most elementary approaches to authentication
in MANETs found in the bibliography uses a Trusted Third
Party (TTP) to guarantee the validity of all nodes' identities,
so that every node that wants to join the network has to get
a certificate from the TTP. A second identification paradigm
that has been used in wireless ad-hoc networks is the notion
of chain of trust [8]. A third typical solution is
location-limited authentication, which is based on the fact that most
ad-hoc networks exist in small areas and physical authentication
may be carried out between nodes that are close to each
other. The special nature of ad-hoc networks, where most
applications are collaborative and group-based, suggests that 
such traditional approaches to node identification may not be 
always appropriate. As an example of this fact, we have that 
different authentication protocols have been recently proposed 
for ad-hoc networks but all of them have some drawback. For 
instance, the work Q is based on the RSA signature, which 
leads to the problem of public key certification. Another
recent example is the paper ifTTl . which provides a solution 
that works well just for short-lived MANETs. Thus, the design
of a new scheme that fulfils all the requirements for this type 
of networks continues being considered an open question. 

Here we propose a new architecture for authentication in 
ad-hoc networks called Global Authentication Scheme for 
Mobile Ad-hoc Networks (GASMAN), which is based on 
the established cryptographic paradigm of Zero-Knowledge 
Proofs (ZKPs). Since the information sent during its execution
does not convey any secret related to the authentication
process, ZKPs provide an elegant and fault-tolerant
solution to node authentication in MANETs. Furthermore,
GASMAN has three other beneficial properties. Firstly,
it has scalability because centralized elements, such as CA 
servers, are not required. Secondly, availability is guaranteed 
through the insertion, deletion and access control procedures. 
Finally, our architecture assures strong authentication to any 
legitimate node willing to join the network by using the zero- 
knowledge proof implemented in the access control algorithm. 
The GASMAN algorithms jointly with mobility help to reduce 
the time necessary for nodes to join and access the network 
in a timely manner. Summing up, the main features of the
proposed protocol are the adaptation to the varying topology 
of the network, the open availability of broadcast transmissions 
and the strong access control. 

Up to now, very few publications have mentioned the 
proposal of authentication systems for ad-hoc networks using 



ZKPs 111 lfT3]l . and none of them has dealt with the related 
problem of topology changes in the network. A recent ZKP- 
based hierarchical proposal for MANETs related with the one 
proposed here was described in 0, where two different secu- 
rity levels were defined through the use of a hard-on-average 
graph problem, and no topology changes were considered. 

This work is organized as follows. The following section
provides an overview of the proposal, some general aspects of
the proposal and the notation used in its description. Specific
details about the five principal elements of the architecture, i.e.,
network initialization, node insertion, access control, proofs
of life and node deletion, are gathered in Section III. The
assumptions required by GASMAN and an analysis of its
security are discussed in Section IV. A performance analysis
developed under NS-2 is provided in Section V. Finally, some
conclusions and open questions complete the paper.

II. Basics and Notation 

The proposed protocol was designed as an authentication 
scheme for group membership because when a node wants 
to be part of the network, it has to be previously authorized 
by a legitimate node. According to the authors of [10], in
any group member authentication protocol it is necessary to 
provide robust methods to insert and to delete nodes, as well 
as to allow the access only for legitimate members of the 
group. For that reason, not only the ZKP used for access 
control is described, but also the update procedures associated 
to insertions and deletions are carefully defined. For instance, 
the procedure to delete nodes is only initiated once a node has
been disconnected from the network for too long. The period of
time after which the node is deleted is a parameter (T) of the
system presented here.

The access control described below is based on the general
scheme of Zero-Knowledge Proof introduced in [3], when
using the Hamiltonian Cycle Problem (HCP). A Hamiltonian
cycle in a graph is a cycle that visits each vertex exactly once
and returns to the starting vertex. Determining whether such
cycles exist in a graph defines the Hamiltonian Cycle Problem,
which is NP-complete. Such a problem was chosen for our
design mainly due to the low cost of the operations associated
with the update of a solution. This is an important characteristic
since in a highly dynamic setting such as MANETs these
operations will be carried out frequently. It should be pointed
out that similar schemes based on different NP-complete graph
problems might be described. The only feature demanded of the
problems chosen is that the solutions may be easily updated when
small changes occur in the network. This is just the case of the
Vertex Cover, Independent Set or Clique Problems, for instance.

One of the key points to assure the correct operation of 
GASMAN is the use of a chat application through broadcast 
that makes it possible for legitimate on-line nodes to send 
a message to all on-line users. Such an application allows 
publishing all the information associated to the update of the 
network. Although secrecy is not necessary for chat messages,
because they are no more than gibberish for illegitimate
nodes, it is required that only the on-line legitimate nodes
execute the chat application.

The information received through the chat application dur- 
ing an interval of time must be stored by each on-line node 
in a FIFO queue. Such data should be stored by each on-line 
node, allowing in this way the updating of the authentication 
information not only to it but also to all the off-line legitimate 
nodes whose access will be granted. Such a period is an 
essential parameter in the system because it states both the 
maximum off-line time allowed for any legitimate node, and 
the frequency of broadcasting the proofs of life. Consequently, 
such a parameter should be previously agreed among all the 
legitimate nodes of the network. 

A generic life-cycle of a MANET has three major phases 
that are described below (see figure 1): 
Initialization: 

Each initial member in the original network will be 
securely provided, either off-line or on-line, with a 
secret piece of information. The knowledge of the 
secret network key will be used during access control 
in order to prove the node's eligibility for accessing
the protected resources or to offer service to the
network. After completing this stage, the legitimate
nodes are ready to actively participate in the network. 
Access Control: 

The access control process allows a legitimate node 
to prove its network membership to an on-line node. 
These legitimate nodes must demonstrate knowledge 
of the secret network key by using a challenge- 
response scheme. 
On-line Session: 

Once the legitimate node reaches an on-line state 
in the network, it gets full access to the protected 
resources such as the chat application. At the same 
time, it may offer services such as the insertion of 
new nodes. It should be taken into account that
the secret network key will be updated according to
the network evolution. Hence, if a node is off-line for 
too long, its secret key will expire. In such a case, 
the legitimate node would have to be re-inserted by 
an on-line legitimate node. 
Since in our proposal the secrecy of the network key is
provided by the difficulty of the HCP, the number of on-line
legitimate nodes is a crucial parameter. In consequence, as
soon as the number of on-line legitimate nodes becomes too
small (when comparing it with a certain threshold parameter),
the network termination is carried out and therefore the
life-cycle of the network ends.

Probably, the most remarkable aspect in our proposal is that
no meaningful information may be stolen even if an adversary
is able to read the whole information published through
the chat application, or even if it eavesdrops on the information
exchanged between a legitimate prover and verifier at the time
of executing the access control protocol.

In the following, the basic notation used throughout the 
proposal is explained. 
$G_t = (V_t, E_t)$ denotes the undirected graph used at stage
$t$ of the network life-cycle.

$v_i \in V_t$ represents both a vertex of the graph and a
legitimate node.

$n = |V_t|$ is the order of $G_t$, which coincides with the
number of legitimate nodes.

$N_{G_t}(v_i)$ denotes the neighbours of node $v_i$ in the graph
$G_t$.

$\Pi(V_t)$ represents a random permutation over the vertex
set $V_t$.

$\Pi(G_t)$ denotes the graph isomorphic to $G_t$ built after
applying permutation $\Pi(V_t)$.

$c \in_r C$ indicates that an element $c$ is chosen at random
with uniform distribution from a set $C$.

$HC_t$ designates the Hamiltonian cycle used at stage $t$.

$\Pi(HC_t)$ represents the Hamiltonian cycle $HC_t$ in the
graph $\Pi(G_t)$.

$N_{HC_t}(v_i)$ denotes the neighbours of node $v_i$ in the
Hamiltonian cycle $HC_t$.

S and A stand for the supplicant and the authenticator, 
respectively. This notation is used both while an insertion 
phase and the execution of a ZKP-based access control 
are carried out. 

S* ^ A symbolizes when node S contacts A. 
A ^ S : information means that A and S agree on 
information 

A —)' S : information means that A sends 
information to S through a secure channel. 
A ^ 5 : information means that A sends 
information to S through an open channel. 
$A \rightarrow$ network : information represents when $A$
broadcasts information to all on-line legitimate nodes.

$A \leftrightarrow$ network : information represents a two-step
procedure where $A$ broadcasts information to all on-line
legitimate nodes of the network, and receives their
answers.

h stands for a public hash function. 
$T$ denotes the threshold period that a legitimate node
may be off-line without being excluded from the network.

III. GASMAN DESCRIPTION 

This section contains the description of the procedures that 
form part of the GASMAN architecture, including all the 
specific details about network initialization, node insertion, 
access control, proofs of life and node deletion. 

A. Network Initialization 

The proposed protocol requires the definition of an initial- 
ization phase where the secret information associated to the 
process of identification is generated and distributed within 
the initial network. This initialization phase consists in the 
definition of the graph used for the development of the proto- 
col. Such a graph should be generated with the participation 
of all the original members of the network. Furthermore, the 
initialization phase also implies the shared generation by the 
initial legitimate members of the network of a solution to the 
HCP in such a graph. 

In our proposal, as in trust graphs [9], the graph vertex set
corresponds to the set of nodes in the actual network during
its whole life-cycle. Consequently, the initialization process
starts from a set $V_0$ of $n$ vertexes corresponding to the nodes
of the initial network. Hence, each vertex sub-index may be
used as ID (IDentification) for the corresponding node. The
first step of the initialization process consists of generating
cooperatively and secretly a random permutation $\Pi$ of such a
set. Once this generation is completed, each legitimate node
should know a Hamiltonian cycle $HC_0$ corresponding exactly
to such a permutation. Finally, the partial graph formed by
the edges corresponding to such a Hamiltonian cycle $HC_0$
is completed by adding $n$ groups of $\frac{2m}{n}$ edges, producing the
initial edge set $E_0$. Here, $m$ stands for the number of edges
that the initial graph will have after the initialization stage.
Each one of these $n$ groups of edges will be generated by
$v_i$, $i = 1, 2, \ldots, n$ according to the following restrictions: they
must have $v_i$ as one of its vertexes, while the other one will
be randomly generated. Note that the size $\frac{2m}{n}$ of those edge
subsets must be large enough so that the size of the resulting
edge set $|E_0| = m$ guarantees the difficulty of the HCP in the
graph $G_0$.

Initialization Algorithm

Input: $V_0$, with $|V_0| = n$.

1. The $n$ nodes of the network generate cooperatively,
secretly and randomly the cycle $HC_0 = \Pi(V_0)$.

2. $\forall v_i \in V_0$, $v_i$ builds the set

$N_{G_0}(i) = \{\{v_j \in_r V_0\} \cup N_{HC_0}(i)\}$

with $|N_{G_0}(i)| = \frac{2m}{n}$.

3. $\forall v_i \in V_0$ : $v_i \rightarrow$ network : $N_{G_0}(i)$.

4. $\forall v_i \in V_0$ : $v_i$ merges:

$E_0 = \bigcup_{i=1,2,\ldots,n} \{(v_i, v_j) : v_j \in N_{G_0}(i)\}$.

Output: $G_0 = (V_0, E_0)$, with $|E_0| = m$.

Once the creation of the initial instance of the problem has
been carried out through the contribution of all the nodes of
the network, each node will know a Hamiltonian cycle in the
resulting $\frac{2m}{n}$-regular graph. From then on, each time a new
user $S$ wants to become a member of the network, it has to
contact a legitimate member $A$ in order to follow the insertion
procedure explained in the following section.

B. Node Insertion 

Let us suppose that we are at stage $t$ of the network life-cycle
when a user $S$ contacts a legitimate member $A$ of the
network to become a member of the network. Once $S$ has
convinced $A$ to accept its membership, the first step that $A$
should carry out is to assign $S$ the lowest vertex number $v_i$
not assigned so far in the vertex set $V_t$. Afterwards, $A$ should
broadcast such an assignment to all on-line legitimate nodes in
order to prevent another simultaneous insertion with the same
identifier. If $A$ receives fewer than $n/2$ answers to the previous
message, she stops the insertion procedure because the number
of nodes that are aware of the insertion is not large enough.
Otherwise, $A$ carries out the corresponding update of the secret
Hamiltonian cycle $HC_t$ by selecting at random two neighbour
vertexes $v_j$ and $v_k$ in order to insert the new node $v_i$ between
them. Additionally, $A$ chooses at random a subset of $\frac{2m}{n} - 2$
nodes in $V_t$ such that none of them is its neighbour in $HC_t$.
Finally, $A$ broadcasts the set of neighbours $N_{G_{t+1}}(v_i)$ of $S$ in
the new graph $G_{t+1}$.

Each time a node receives a graph update, it should secretly
modify the corresponding Hamiltonian cycle. In order to
achieve it, it uses the information provided to identify the
unique position (according to the new edge set $E_{t+1}$) in the
cycle where the new node can be inserted. In this way, it will
be able to easily update the secret network key by simply
inserting the vertex $v_i$ between the vertexes $v_j$ and $v_k$. At the
same time, the authenticator node $A$ must send the supplicant
node $S$ both the graph $G_{t+1}$ (deploying an open channel), and
the Hamiltonian cycle $HC_{t+1}$ (through a secure channel).

Insertion Algorithm 

Input: At stage $t$ a supplicant node $S$ wants to become a
member of the network.

1. $S$ contacts $A$.

2. Node $S$ convinces node $A$ to accept its membership
in the network.

2. $A$ assigns $S$ the identifier $v_i$ such that
$i = \min\{l : v_l \notin V_t\}$

3. $A \leftrightarrow$ network : $v_i$

3.1 If $A$ receives less than $n/2$ answers, she stops
the insertion procedure.

3.2 Otherwise:

3.2.1 $A$ chooses:

$(v_j, v_k) : v_j \in_r V_t, v_k \in_r N_{HC_t}(v_j)$

3.2.2 $A$ chooses at random:

$N_{G_{t+1}}(v_i) = \{v_j, v_k\} \cup \{w_1, w_2, \ldots, w_{\frac{2m}{n}-2}\}$

such that $N_{G_{t+1}}(v_i) \subset V_t \wedge \forall w_{l_1}, w_{l_2} : w_{l_1} \notin N_{HC_t}(w_{l_2})$

3.2.3 $A \rightarrow$ network : $N_{G_{t+1}}(v_i)$

3.2.4 Each on-line node updates $G_t$ by defining
$V_{t+1} = V_t \cup \{v_i\}$, $E_{t+1} = E_t \cup N_{G_{t+1}}(v_i)$
and $HC_{t+1} = HC_t \setminus \{(v_j, v_k)\} \cup \{(v_j, v_i) \cup (v_i, v_k)\}$

3.2.5 $A$ sends $v_i$ over an open channel : $G_{t+1}$

3.2.6 $A$ sends $v_i$ over a secure channel : $HC_{t+1}$

Output: The supplicant node $S$ becomes a legitimate member
of the network.

C. Access Control 

If a legitimate node $S$ has been off-line or out-of-coverage
from stage $t$ and wants to re-enter into the network at stage $r$,
its first step should be to contact a legitimate on-line member
$A$. Afterwards, $A$ should check whether the period $S$ has
been off-line is not greater than $T$. In this case, $S$ has to
be authenticated by $A$ through a ZKP based on its knowledge
of the secret solution $HC_t$ on the graph $G_t$.

The aforementioned ZKP begins with the agreement between
$A$ and $S$ on the number of iterations $l$ to execute.
From there on, in each iteration, $S$ will choose a random
permutation $\Pi_j(V_t)$ on the vertex set that will be used to
build a graph $\Pi_j(G_t)$ isomorphic to $G_t$. The hash value of both
the permutation $h(\Pi_j(V_t))$ and the Hamiltonian cycle in the
graph $h(\Pi_j(HC_t))$ are then sent to $A$. When this information
is received by $A$, it chooses a bit $b_j$ at random ($b_j \in_r \{0, 1\}$).
Depending on the selected value, $S$ will provide $A$ with the
image of the Hamiltonian cycle through the isomorphism,
or with the specific definition of the isomorphism. In the
verification phase, $A$ will check that the received information
was correctly built.

Once the authentication of supplicant S has been success- 
fully carried out, the authenticator A gives him the necessary 
information to have full access to the protected resources such 
as the chat application, for example. 

Access Control Algorithm 

Input: At stage $r$ a supplicant node $S$ that has been off-line
since stage $t$ wants to re-enter into the network.

1. $S$ contacts $A$.

2. $S$ sends $A$ : $G_t$

3. $A$ checks whether $r - t \le T$

4. if $r - t > T$ then $S$ is not authenticated

5. otherwise:

- $A$ and $S$ agree on $l$

- for $j = 1, 2, \ldots, l$

5.1 $S$ chooses $\Pi_j(V_t)$ and builds $\Pi_j(G_t)$ and
$\Pi_j(HC_t)$, the graph isomorphic to $G_t$
and the corresponding Hamiltonian cycle,
respectively.

5.2 $S$ sends $A$ : $\{h(\Pi_j(V_t)), h(\Pi_j(HC_t))\}$

5.3 $A$ chooses the challenge $b_j \in_r \{0, 1\}$

5.4 $A$ sends $S$ : $b_j$

5.4.1 If $b_j = 0$ then $S$ sends $A$ : $\{\Pi_j(G_t), \Pi_j(HC_t)\}$

5.4.2 If $b_j = 1$ then $S$ sends $A$ : $\Pi_j$

5.5 $A$ verifies that

a) $\Pi_j(HC_t)$ is a valid Hamiltonian cycle
in $\Pi_j(G_t)$, if $b_j = 0$

b) the hash function $h$ applied on $\Pi_j(G_t)$
coincides with $h(\Pi_j(G_t))$, if $b_j = 1$

- if $\exists j \in \{1, 2, \ldots, l\}$ such that the verification
is negative, then $S$ is isolated.

- otherwise $A$ sends $S$ : the necessary information
to have full access to protected resources of
the network.

Output: Node S is connected on-line to the network. 
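
The challenge-response rounds of the Access Control Algorithm can be traced in code. The following Python sketch is an added example, not the authors' implementation; the SHA-256 encoding of $h$, the six-node sample graph, and the reading of check (b) as "the revealed permutation opens the first commitment" are assumptions made here.

```python
import hashlib
import random
import secrets


def h(obj):
    """Public hash h, applied to a canonical text encoding of obj (assumed encoding)."""
    return hashlib.sha256(repr(obj).encode()).hexdigest()


def canon(edges):
    """Undirected edge list in canonical order, so equal edge sets hash equally."""
    return sorted(tuple(sorted(e)) for e in edges)


def cycle_edges(order):
    n = len(order)
    return canon((order[i], order[(i + 1) % n]) for i in range(n))


def is_hamiltonian_cycle(cyc, graph, vertices):
    """True if cyc is one closed tour through every vertex using graph edges only."""
    graph = set(graph)
    if len(set(cyc)) != len(vertices) or any(e not in graph for e in cyc):
        return False
    adj = {v: [] for v in vertices}
    for u, v in cyc:
        if u not in adj or v not in adj:
            return False
        adj[u].append(v)
        adj[v].append(u)
    if any(len(nb) != 2 for nb in adj.values()):
        return False
    prev, cur, seen = None, vertices[0], 1
    while True:  # walk the tour; it must close only after n vertexes
        nxt = adj[cur][1] if adj[cur][0] == prev else adj[cur][0]
        prev, cur = cur, nxt
        if cur == vertices[0]:
            return seen == len(vertices)
        seen += 1


class Supplicant:
    """Prover S holding the public graph G_t and the secret cycle HC_t."""

    def __init__(self, vertices, edges, cycle_order):
        self.vertices = list(vertices)
        self.edges = canon(edges)
        self.cycle = cycle_edges(cycle_order)

    def commit(self):
        # Steps 5.1 and 5.2: fresh permutation, then the two hash commitments.
        image = self.vertices[:]
        random.SystemRandom().shuffle(image)
        self.perm = dict(zip(self.vertices, image))
        self.pg = canon((self.perm[u], self.perm[v]) for u, v in self.edges)
        self.pc = canon((self.perm[u], self.perm[v]) for u, v in self.cycle)
        return h(sorted(self.perm.items())), h(self.pc)

    def respond(self, b):
        # Step 5.4.1 (b = 0) or 5.4.2 (b = 1).
        return (self.pg, self.pc) if b == 0 else self.perm


def verify(vertices, commitment, b, response):
    """Step 5.5 as run by the authenticator A."""
    c_perm, c_cycle = commitment
    if b == 0:
        pg, pc = canon(response[0]), canon(response[1])
        # The cycle must open its commitment and be Hamiltonian in the sent graph.
        return h(pc) == c_cycle and is_hamiltonian_cycle(pc, pg, list(vertices))
    perm = response
    is_perm = sorted(perm) == sorted(vertices) == sorted(perm.values())
    return is_perm and h(sorted(perm.items())) == c_perm


def access_control(supplicant, vertices, rounds=20, challenges=None):
    """l rounds; a single failed verification isolates S (returns False)."""
    for j in range(rounds):
        commitment = supplicant.commit()
        b = challenges[j] if challenges else secrets.randbelow(2)
        if not verify(vertices, commitment, b, supplicant.respond(b)):
            return False
    return True


# Constructed sample data: G_t on six nodes with secret cycle 0-3-1-4-2-5-0.
V = [0, 1, 2, 3, 4, 5]
HC = [0, 3, 1, 4, 2, 5]
E = cycle_edges(HC) + [(0, 1), (2, 3), (4, 5), (1, 5), (0, 2)]

if __name__ == "__main__":
    print("legitimate node accepted:", access_control(Supplicant(V, E, HC), V))
    bogus = Supplicant(V, E, [0, 1, 2, 3, 4, 5])  # tour that is not in G_t
    print("wrong cycle accepted:", access_control(bogus, V, 2, challenges=[1, 0]))
```

The `challenges` argument exists only to make a run reproducible; in the protocol the bit $b_j$ is drawn at random by $A$ in every round.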

D. Proofs of Life 

All on-line legitimate nodes have to confirm their presence 
in an active way. Such a confirmation is carried out every 
period of time T. It consists in broadcasting a message (proof- 
of-life) to all on-line legitimate nodes. 

If some insertion happens during such a period, a proof 
of life of every on-line legitimate node will be distributed 
together with the information necessary for the insertion 
procedure. Otherwise, only the proof of life is required. During 
such a broadcast every node adds its own proof of life to the 
broadcast. In this way, when the broadcast reaches the last 
node, a broadcast back starts containing the proofs of life of 
all on-line legitimate nodes. 

Proof-of-Life Algorithm 

Input: At stage t node A is an on-line legitimate node of 
the network. 

1. $A$ initializes its clock = 0 just after its last proof of
life.

2. if clock > $T$ then

2.1 $A \leftrightarrow$ network : $A$'s proof of life

2.1.1 If $A$ receives less than $n/2$ proofs of life as
answers to her broadcast, she stops her proof
of life and puts back her clock.

2.1.2 Otherwise: $A \rightarrow$ network : Received
proofs of life

Output: At stage $t + 1$ node $A$ continues being an on-line
legitimate node of the network.



E. Node Deletion 

The deletion procedure is mainly based on the confirmation 
of the active presence of on-line legitimate nodes through their 
proofs of life. Each node should update its stored graph by 
deleting all those nodes that have not sent any proof of life 
after a period T. This fact implies that each node that has not 
proven its presence will be deleted from the network, as well 
as from the Hamiltonian cycle. 

Node deletions are explicitly communicated to all on-line
legitimate nodes in the second step of broadcasts of proofs of
life. This way of proceeding allows any node that is off-line at
that moment to update its stored graph as soon
as it gets access to the network.

Deletion Algorithm 

Input: At stage $t$, a node $v_i$ is an off-line legitimate node
of the network.

1. $A$ initializes her clock = 0.

2. if clock > $T$ then

2.1 $\forall v_i \in V_t$ : $A$ checks $v_i$'s proof of life in $A$'s
FIFO queue.

2.2 $A$ updates $V_{t+1} = V_t \setminus \{v_i \in V_t$ with no proof$\}$.

2.3 $A$ updates $E_{t+1} = E_t \setminus \{(v_i, v_j) : v_i \in V_t$ with
no proof, $v_j \in N_{G_t}(v_i)\} \cup \{(v_j, v_k) : v_j, v_k \in N_{HC_t}(v_i)\}$

2.4 $A$ updates $HC_{t+1} = HC_t \setminus \{(v_j, v_i), (v_i, v_k)\} \cup
\{(v_j, v_k) : v_i \in V_t$ with no proof, $v_j, v_k \in N_{HC_t}(v_i)\}$

3. If $A$ started the broadcast used for the $v_i$'s deletion, $A$
adds this information to the second step of the proof-of-life
broadcast: $A \rightarrow$ network : $v_i$ is deleted.

Output: At stage $t + 1$ the node $v_i$ has been deleted both
from the network and from the graph.

This procedure guarantees a limited growth of the graph
that is used in authentication and, at the same time, ensures
that the set of legitimate nodes always corresponds exactly to
the vertexes in that graph. Apart from this, it is remarkable
that thanks to this procedure the recovery of legitimate
members of the network that have been disconnected
momentarily is possible.
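
The cycle updates of the Insertion and Deletion Algorithms (steps 3.2.1 to 3.2.4 and 2.2 to 2.4) are cheap list operations, which the following added Python sketch makes concrete. It is not the authors' code: the eight-node sample network, the parameter `extra` (standing for $\frac{2m}{n} - 2$) and the ordered-list representation of the secret cycle are assumptions of this example.

```python
import random
from itertools import count


def norm(u, v):
    return (u, v) if u <= v else (v, u)


def cycle_edges(cycle):
    n = len(cycle)
    return {norm(cycle[i], cycle[(i + 1) % n]) for i in range(n)}


def is_consistent(V, E, cycle):
    """The secret cycle must visit every legitimate node once, using edges of E."""
    return sorted(cycle) == sorted(V) and cycle_edges(cycle) <= E


def choose_insertion(V, cycle, extra, rng):
    """Authenticator A: pick the identifier v_i and the set N(v_i) to broadcast."""
    new_id = next(l for l in count(1) if l not in V)      # lowest unused index
    pos = rng.randrange(len(cycle))
    vj = cycle[pos]                                       # v_j chosen at random
    vk = cycle[(pos + rng.choice((-1, 1))) % len(cycle)]  # one of its HC neighbours
    hc = cycle_edges(cycle)
    chosen = [vj, vk]
    candidates = sorted(v for v in V if v not in chosen)
    rng.shuffle(candidates)
    for w in candidates:
        if len(chosen) == extra + 2:
            break
        # keep (v_j, v_k) the only pair of N(v_i) that is adjacent in HC_t
        if all(norm(w, c) not in hc for c in chosen):
            chosen.append(w)
    if len(chosen) < extra + 2:
        raise ValueError("not enough non-adjacent vertexes for N(v_i)")
    return new_id, set(chosen)


def apply_insertion(V, E, cycle, new_id, neighbours):
    """Every on-line node: locate the unique insertion point and update its state."""
    if new_id in V:
        raise ValueError("identifier already assigned, insertion denied")
    hc = cycle_edges(cycle)
    nb = sorted(neighbours)
    pairs = [(a, b) for i, a in enumerate(nb) for b in nb[i + 1:] if norm(a, b) in hc]
    if len(pairs) != 1:
        raise ValueError("insertion point in the cycle is not unique")
    a, b = pairs[0]
    ia, ib = cycle.index(a), cycle.index(b)
    at = ib if (ia + 1) % len(cycle) == ib else ia        # slot between a and b
    new_cycle = cycle[:at] + [new_id] + cycle[at:]
    new_E = set(E) | {norm(new_id, w) for w in neighbours}
    return set(V) | {new_id}, new_E, new_cycle


def apply_deletion(V, E, cycle, silent):
    """Remove every node without a proof of life and close the cycle over the gap."""
    V, E, cycle = set(V), set(E), list(cycle)
    for vi in silent:
        k = cycle.index(vi)
        vj, vk = cycle[k - 1], cycle[(k + 1) % len(cycle)]
        cycle.pop(k)
        E = {e for e in E if vi not in e}
        E.add(norm(vj, vk))                               # new edge keeps HC inside E
        V.discard(vi)
    return V, E, cycle


# Constructed sample network: eight legitimate nodes and their secret cycle.
V0 = set(range(1, 9))
C0 = [3, 7, 1, 5, 8, 2, 6, 4]
E0 = cycle_edges(C0) | {norm(1, 2), norm(3, 5), norm(4, 8), norm(6, 7)}

if __name__ == "__main__":
    rng = random.Random(2024)
    vi, nbrs = choose_insertion(V0, C0, extra=2, rng=rng)
    V1, E1, C1 = apply_insertion(V0, E0, C0, vi, nbrs)
    print("inserted", vi, "with broadcast neighbours", sorted(nbrs), "->", C1)
    V2, E2, C2 = apply_deletion(V1, E1, C1, [5])
    print("after deleting 5:", C2, "consistent:", is_consistent(V2, E2, C2))
```

Only the pair $(v_j, v_k)$ of the broadcast set is adjacent in $HC_t$, so a node that holds the cycle finds the insertion point directly from the broadcast.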

IV. Assumptions and Security Analysis 

This proposal initially assumes the ideal environment where 
all legitimate nodes are honest and where no adversary may 
compromise a legitimate node of the network in order to read 
its secret stored information. Such assumptions are well suited 
as a basic model in order to decide under which circumstances 
the GASMAN is applicable to MANETs. For instance, a 
possible adaptation of the proposal in order to avoid those
hypotheses could be defining a threshold scheme to be used
in every step of the GASMAN, so that every proof of life, 
insertion, access control or deletion operation should be done 
by a coalition of on-line nodes. Then, a dishonest node would 
not affect the correct operation of the network. 



It is clear that the proposal inherits some problems of the 
distributed trust model such as the important necessity that 
legitimate nodes cooperate. Consequently, it is advisable to 
include a scheme to stimulate node cooperation. 

Finally, another requirement of the GASMAN is the es- 
tablishment of a secure channel for the insertion procedure. 
However, that aspect may be easily fulfilled thanks to the fact 
that most wireless devices are able to communicate with each 
other via Bluetooth wireless technology. 

With respect to possible attacks and due to the lack of a 
centralized structure, it is natural that possible DOS (Denial 
Of Service) attacks have as their main objective the chat 
application. In order to protect the GASMAN against this
threat it must be assured that chat messages, although
publicly readable, may be only sent by legitimate on-line
members of the network. Another important aspect related to
the use of the chat application is the necessary synchronization 
of the on-line nodes, so a common network clock is necessary. 
This requirement has been implemented during simulations 
through the chat application. 

MANETs are in general vulnerable to different threats such 
as identity theft (spoofing) and the man-in-the-middle attack. 
Such attacks are difficult to prevent in environments where 
membership and network structure are dynamic and the pres- 
ence of central directories cannot be assumed. However, our 
proposal is resistant to spoofing attacks because access control 
is granted through a ZKP. It implies that any information 
published through the chat application or sent openly during 
the execution of access control mechanism becomes useless. 

On the other hand, the goal of the man-in-the-middle attack 
is either to change a sent message or to gain some useful 
information by one of the intermediate nodes. Again, the use 
of ZKPs in our protocol implies that reading any transferred 
information does not reveal any useful information about the 
secret, so changing the message is not possible since only 
legitimate nodes whose access has been allowed can use the 
chat application. 

Another active attack that might be especially dangerous 
in MANETs is the so-called Sybil attack. It happens when a 
node tries to get and use multiple identities. The most extreme 
case of this type of attacks is the establishment of a false 
centralized authority who states the identities of legitimate 
members. However, this specific attack is not possible against 
our scheme due to its distributed nature. In the GASMAN, 
the responsibility of controlling general Sybil attacks will be 
shared among all the on-line nodes. If an authenticator node
detects that a supplicant node is trying to get access to the
network by using an ID that is already being used on-line, such
access control must be denied and the corresponding node
must be isolated. The same happens when any on-line node
detects that an authenticator node is trying to insert a new
member into the network with a new ID, and such an ID
has already been assigned as a vertex ID. Again, such insertion must be
denied and the corresponding supplicant node must be isolated.
Anyway, if a Sybil attacker enters the network, any of its
neighbours will detect it as soon as it sends proofs of life for
different vertex IDs.

V. Performance Analysis 

We now analyze the efficiency of the proposal both from 
the energy consumption and from computational complexity 
points of view. We consider the energy consumption which is 
the result of transmissions of data and processor activities due 
to authentication tasks. In the proposal there are two phases
when computational overhead is more significant: the ZKP-based
access control and the periodic checking of stored elements
in the FIFO queue. A reduction in the number of rounds
of ZKP has a direct effect on the total exchanged messages
size in insertions, but a trade-off should be maintained between
protocol robustness and performance. Indeed, regarding total
data transmission over wireless links, the ZKPs take less than 
10% in a usual situation. 

The dominant time-consuming jobs are the periodic proofs
of life, which account for around 90% of the total exchanged
message size in many cases. However, we found that these
compulsory proofs of life imply an incentive technique for
stimulating cooperation in authentication tasks. This is due to
the fact that nodes that are broadcasters of deletion queries
or authenticators in insertions or access controls are exempted
from their obligation to broadcast their proofs of life.

In order to reduce data communication cost of the protocol, 
an increase on the threshold period T might be an option, 
but again an acceptable balance should be kept. According to 
our experiments, T should depend directly on the number of 
legitimate and/or on-line nodes in order to prevent a possible 
bandwidth overhead in large networks. 

For the performance analysis of the proposal we used the 
Network Simulator NS-2 with the DSR routing protocol. We 
created several Tcl-based NS-2 scripts in order to produce
various output trace files that have been used both to do 
data processing and to visualize the simulation. Within our 
simulation we used the visualization tool of Network Animator 
NAM and the NS-2 trace files analyzer of Tracegraph. For the 
simulation of mobility we used the Setdest program in order 
to generate movement pattern files using the random Waypoint 
algorithm. 

An example of simulation is shown graphically in Figure 2. 
Basically, it consists of generating a scenario file that describes 
the movement pattern of the nodes and a communication file 
that describes the traffic in the network. These files are used 
to produce trace files that are analyzed to measure various 
parameters. An excerpt of the trace files corresponding to the 
same example is shown in Table I.

The trace files are used to visualize the simulation using 
NAM, while the measurement values are used as data for 
plots with Tracegraph. The final graph and Hamiltonian cycle 
associated to the example network is shown in Figure 3, where
green is used to indicate the Hamiltonian cycle, blue is used 
for the inserted nodes and red is used for the edges deleted 
from the Hamiltonian cycle when inserting new nodes. 

In order to study the effectiveness of the GASMAN, we
studied it in a set of realistic scenarios. In particular, we
used the most commonly used mobility model by the research
community, the so-called Random Waypoint Model, which
uses pause times and random changes in destination and speed.

Fig. 2. Example of Network Simulation with NS-2

Fig. 3. Example of Final Associated Graph and Hamiltonian Cycle

An extensive number of simulations were run using the NS-2
simulator with 802.11 MAC and DSR routing protocols in order to see
the effects of different metrics by varying network density and
topology. Within the simulations, relationships can be
established anytime two nodes are located in close proximity
and the random walk mobility model was used with various
pause times and maximum speeds. In particular, we varied the
number of nodes from 15 to 100. Also, our architecture was
evaluated with 250 x 250, 500 x 500, and 750 x 750 m² square
areas of ad-hoc network. In each case, the nodes move around
with 0.5 second pause time and 20 m/s maximum speed. The
transmission range of the secure channel is 5 meters while
that of the data channel is fixed to 250 meters. The period of
simulation varied from 60 to 200 seconds. We also changed
the probabilities of insertions and deletions in each second
from 5% to 25%, in order to modify the mobility rate and
antenna range of nodes from 2 to 15 m/s and 100 to 250 meters
respectively. This range also defines different frequencies of
accesses to the network.

The first conclusions we obtained from the simulations are: 

• The protocol scales perfectly to any sort of network with
different levels of topology changes.

• Node density is a key factor for the mean time of
insertions, but its effect is not as large as might
previously have been assumed, since nodes do not forward
two packets of data corresponding to the same proof of life
coming from two different nodes.

• Parameter T should be chosen according to the number of
nodes, the bandwidth of wireless connections and the
computation and storage capacities of the nodes.

• A positive aspect of the proposal is that its requirements
on the devices' hardware are very low.

TABLE I
Example of Trace

Time   Event                                                 HC
0.1    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 are legitimate       8,3,9,7,4,2,6,5,1,10,0
1.29   Insertion of Node 14 is broadcast by Node 4           8,3,9,7,4,14,2,6,5,1,10,0
1.30   Nodes 3, 1, do not answer to the proof of life
3.29   Node reaches 8 and starts a ZKP for re-insertion
8.69   Node 3 reaches 4 and starts a ZKP for re-insertion
9.40   Node 1 reaches 10 and starts a ZKP for re-insertion
11.65  Node 1 turns off
13.97  Proof of life started by Node 3
14.27  Nodes 1, 2 do not answer to the proof of life
14.82  Node 2 reaches 14 and starts a ZKP for re-insertion
17.27  Proof of life started by Node 2
17.57  Nodes 1, 5 do not answer to the proof of life
21.71  Node 5 turns off
31.40  Node 1 turns on and Node 2 is chosen for the ZKP
31.46  Node 4 turns off
32.51  Proof of life started by Node 1
32.78  Nodes 4, 5, 6 do not answer to the proof of life
34.29  Node 6 reaches 2 and starts a ZKP for re-insertion
38.51  Proof of life started by Node 6
38.79  Nodes 4, 5 do not answer to the proof of life
41.46  Node 1 turns off
53.25  Node 1 turns on and Node is chosen for the ZKP
59.61  Proof of life started by Node 6
59.99  Nodes 4, 5 do not answer to the proof of life
64.26  Node 5 is deleted                                     8,3,9,7,4,14,2,6,1,10,0
64.71  Node 2 turns off
72.58  Node 4 turns on and Node is chosen for the ZKP
75.41  Insertion of Node 13 is broadcast by Node 14          8,3,9,7,4,14,2,13,6,1,10,0
75.43  Node 2 does not answer to the proof of life

VI. Conclusions and Open Questions

Successful authentication in mobile ad-hoc networks is critical
for assuring secure and effective operation of the supported
application. This work describes a new authentication scheme,
the so-called GASMAN, which was specially designed for
MANETs. Such a protocol supports knowledge-based member
authentication in server-less environments. The overall goal
of the GASMAN has been to design a strong authentication
scheme that is able to react and adapt to network topology
changes without the necessity of any centralized authority.
Its core technique consists of a Zero-Knowledge Proof, in
order to avoid the transference of any relevant information.
Furthermore, the proposal is balanced since the procedures that
the legitimate members of the network have to carry out when
the network is updated (insertion or deletion of nodes) imply
identical work for every legitimate member of the network.

The development of an initial simulation of the proposal 
through the NS-2 network simulator has been carried out. The 
definitive simulation results will be included in a forthcoming 
version of this work. Also, the study of different applications, 
practical limitations and possible extensions of the GASMAN 
may be considered open problems. 